NMconnection VPN for Watchguard firewall

VPN connection logs:


```
Jan 14 14:49:26 ws-study nm-openvpn[67756]: OPTIONS ERROR: failed to negotiate cipher with server.  Add the server's cipher ('AES-256-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.
Jan 14 14:49:26 ws-study nm-openvpn[67756]: ERROR: Failed to apply push options
Jan 14 14:49:26 ws-study nm-openvpn[67756]: Failed to open tun/tap interface
```

What could I try next?

AI says:

The error indicates that the VPN client cannot negotiate a compatible encryption cipher with the server. The server requires ‘AES-256-CBC’, but the client is only configured to use ‘AES-256-GCM’, ‘AES-128-GCM’, and ‘CHACHA20-POLY1305’. To resolve this, you should add ‘AES-256-CBC’ to the list of allowed ciphers in the client’s configuration using the --data-ciphers option, ensuring compatibility with the server’s requirements.

Yet data-ciphers is already set:

The screenshot indicates you are confusing:

  • Data ciphers
  • Data ciphers fallback

They are, aren’t they? But I am no VPN configuration specialist. Furthermore, they seem to have zero relation to what I find in the `/etc/NetworkManager/system-connection/*.nmconnection` files.

I’ve found the solution though. Instead of selecting a Data ciphers fallback for a Watchguard firewall, I’ve found that typing the text AES-256-CBC manually in the Data ciphers and leaving the Data ciphers fallback empty works.
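The check discussed in this thread, as an added example that is not part of any post above: it pulls the server's cipher out of the OpenVPN error line and compares it with the `data-ciphers` value in a keyfile's `[vpn]` section. The keyfile is a constructed sample, the key names `data-ciphers` and `data-ciphers-fallback` are assumed to be what the NetworkManager OpenVPN plugin writes, and appending the server's cipher after the existing entries (rather than replacing them, as in the fix described above) is this example's own choice.

```python
import configparser
import re

# Constructed inputs: the error line quoted in the thread and a minimal keyfile.
LOG_LINE = (
    "Jan 14 14:49:26 ws-study nm-openvpn[67756]: OPTIONS ERROR: failed to "
    "negotiate cipher with server.  Add the server's cipher ('AES-256-CBC') "
    "to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') "
    "if you want to connect to this server."
)
SAMPLE_KEYFILE = """\
[connection]
id=watchguard-example

[vpn]
data-ciphers=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
service-type=org.freedesktop.NetworkManager.openvpn
"""

CIPHER_ERROR = re.compile(
    r"Add the server's cipher \('([^']+)'\) to --data-ciphers "
    r"\(currently '([^']*)'\)"
)

def parse_cipher_error(line):
    """Return (server_cipher, [client ciphers]), or None for unrelated lines."""
    m = CIPHER_ERROR.search(line)
    if not m:
        return None
    return m.group(1), [c for c in m.group(2).split(":") if c]

def read_vpn_ciphers(keyfile_text):
    """Read data-ciphers and data-ciphers-fallback (assumed key names) from [vpn]."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(keyfile_text)
    vpn = cp["vpn"] if cp.has_section("vpn") else {}
    ciphers = [c for c in vpn.get("data-ciphers", "").split(":") if c]
    return ciphers, vpn.get("data-ciphers-fallback") or None

def suggest_data_ciphers(server_cipher, current):
    """Keep the configured order and append the server's cipher if it is absent."""
    if server_cipher.upper() in (c.upper() for c in current):
        return current
    return current + [server_cipher]

if __name__ == "__main__":
    server, _ = parse_cipher_error(LOG_LINE)
    configured, fallback = read_vpn_ciphers(SAMPLE_KEYFILE)
    print("data-ciphers=" + ":".join(suggest_data_ciphers(server, configured)))
```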